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Abstract 

The reliability of rocket engine systems was ana- 
lyzed by using probabilistic and fuzzy logic techniques. 
Fault trees were developed for Integrated Modular Engine 
(IME) and Discrete engine systems, and then were used 
with the two techniques to quantify reliability. The 
IRRAS (Integrated Reliability and Risk Analysis System) 
computer code, developed for the U.S. Nuclear Regula- 
tory Commission, was used for the probabilistic analyses, 
and FUZZYFTA (Fuzzy Fault Tree Analysis), a code 
developed at NASA Lewis Research Center, was used for 
the fuzzy logic analyses. Although both techniques pro- 
vided estimates of the reliability of the IME and Discrete 
systems, probabilistic techniques emphasized uncertainty 
resulting from randomness in the system whereas fuzzy 
logic techniques emphasized uncertainty resulting from 
vagueness in the system. Because uncertainty can have 
both random and vague components, both techniques 
were found to be useful tools in the analysis of rocket 
engine system reliability. 

Introduction 

Reliability is a factor critical to the lifecycle cost 
of launch vehicles. Therefore, it is imperative that the reli- 
ability of all subsystems, including the rocket propulsion 
system, be improved if costs are to be reduced and the 
U.S. launch vehicle industry is to be competitive. The 
average success ratio of the current stable of United States 
launch vehicles is less than 95 percent; 1 however, new 
programs are calling for launch vehicle reliabilities of 
99.5 percent and greater. Achieving such high vehicle reli- 
abilities requires quantitative predictive tools for assessing 
system risk. This is especially true for the propulsion sys- 
tem, which historically has been the reliability driver in 
space launch vehicles. 1 

In the current state of the art both qualitative and 
quantitative techniques are used to evaluate risk and reli- 
ability. One common technique is to use a fault tree analy- 


sis to perform a risk assessment of a system. A fault tree is 
a graphical model of the sequences of faults and failures 
that lead to an undesired event, such as the loss of a rocket 
engine. A fault tree can be evaluated quantitatively to esti- 
mate the reliability of a system. Such an evaluation is one 
of the core techniques in the probabilistic risk assessment 
of nuclear power plants. 2 Fault trees are valuable for 
assessing large, complex systems because the pictorial 
display provides insight into the system, and the relative 
effects of contributing factors can be quantified. 

To use fault tree analyses, we must have exact 
values for the probability of component failure. In most 
cases, however, these values are not known either because 
either no failure data exists, or because the existing data 
are vague or qualitative or were obtained under conditions 
different from those under which the hardware is being 
investigated. In the case of chemical rocket propulsion, 
little failure data exist. Probabilistic analyses are often 
used to analyze uncertainty due to randomness in the sys- 
tem. These techniques have been useful in assessing risk 
in the chemical, nuclear, and aerospace fields. 3,4 How- 
ever, probability theory requires that a single expected 
value be specified, all other values being deemed less 
probable. Probability theory then predicts the chances of 
achieving that expected value. In other words, probability 
theory requires that data have a statistical basis - a situa- 
tion not often achievable in engineering analyses. There- 
fore, probabilistic analyses are not effective when only 
vague or qualitative data are available. Under conditions 
of vagueness, it may not be possible to select a single 
value that is most probable. Rather, only a range of possi- 
ble values can be specified, all of which are equally likely. 
Recent studies have shown that fuzzy logic can be used to 
analyze many situations where the system description is 
vague or qualitative. 5,6 In this study we developed a com- 
puter model that uses fuzzy logic rules to perform fault 
tree analyses. With this model we can calculate the reli- 
ability of rocket engine systems and compare our results 
to similar analyses done with conventional probabilistic 
approaches. 
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For this study an Integrated Modular Engine sys- 
tem (IME) and a Discrete engine system were evaluated 
by using probabilistic and fuzzy logic techniques. These 
engine systems were previously analyzed, 7 but uncer- 
tainty in the component failure probabilities was not 
addressed. This report discusses probabilistic and fuzzy 
logic approaches to evaluating rocket engine system reli- 
ability. Fault tree results from the probabilistic and fuzzy 
logic analyses of the IME and Discrete engine systems 
will also be provided for two different failure data bases. 
One data base contained data on the number of compo- 
nent failures per operating cycle and the other contained 
data on the number of failures per time period. Finally, 
this report discusses the differences in the results obtained 
with the two techniques, and offers recommendations for 
future work in this area. 

Rocket Engine System Description 

Two rocket engine designs were compared in 
this study. One design, known as the Discrete engine sys- 
tem design, has eight stand-alone engine units configured 
to provide vehicle thrust. In the Discrete design, if one 
component (such as a turbopump) fails, the corresponding 
thrust chamber must be shut down. An alternative design 
is the Integrated Modular Engine. In this design all the 
turbopump assemblies and thrust chamber assemblies are 
connected to common manifolds. In this system, there- 
fore, a turbopump or thrust chamber could be shut down 
independently should a failure occur in either component. 
Die IME design analyzed here has four turbopump 
assemblies and eight thrust chamber assemblies. Both the 
Discrete and the IME designs used an expander cycle 
configuration. A diagram of the Discrete engine system is 
shown in Fig. 1 and the IME system is shown in Fig. 2. 
These designs are described in more detail in references 
7-9. 

Fault Tree Analysis Techniques 

A fault tree is a top-down method for quantify- 
ing reliability on the basis of recognized system failures. 
A major system failure is identified as the top event, and 
the branches of the fault tree represent system conditions 
that may lead to system failure. A system condition can 
be classified either as an individual component failure or 
a degraded component performance state that may, alone 
or in some combination with other system conditions, 
cause the undesired top event to occur. Component fail- 
ures are considered in this report; degraded component 
operational states are not. 

The rate at which system components fail may 
be statistically characterized by their observed occur- 
rence. The failures observed may be categorized as 
demand-based or time-based. Those failures that occur 
during a system operating period (cycles, firings) are 


termed demand-based, and those that occur per unit sys- 
tem operating time (seconds, hours) are termed time- 
based. Both demand-based and time-based data bases 
were available for the analyses reported here. * Because 
the component failure probabilities differed greatly in 
these data bases, both were used for these analyses of the 
rocket engine systems. The failure probabilities that were 
demand-based could be used in the fault tree analyses 
without further mathematical manipulation. However, the 
failure rates that were time-based were converted to fail- 
ure probabilities by using the equation 

P = 1 - exp( -Xt) 

where P is the failure probability, X is the time-based fail- 
ure rate, and t is the operation time, which was assumed to 
be 400 s for the analyses conducted here. 

The probabilistic and fuzzy logic techniques 
used in this study to analyze the fault trees for the IME 
and Discrete systems are described in the following sec- 
tions. 

Probabilistic Technique 

It is difficult to accurately quantify the failure 
rate of rocket engine components because of numerous 
factors. Two factors that contribute to this difficulty are 
the relatively low number of observed failures and a pau- 
city of historical data. To grasp the uncertainty in absolute 
failure rates, we must construct probability distributions 
that encompass the mean value of observed demand- 
based and time-based failures. 

Probability distributions describe a component’s 
failure rate in terms of the mean and the variance of 
observed or estimated values. From these we can predict, 
with various levels of confidence, the probability of a spe- 
cific failure rate for a component. For instance, with a 
normal distribution, as in Fig. 3, the probability that the 
true failure rate is greater than its mean value is 0.5 (i.e. 
50 percent). Confidence intervals may be established by 
bounding the distribution by lower and upper confidence 
limits. For example, a 90-percent confidence interval 
about the mean value in a normal distribution will have 
confidence limits at the 5- and 95-percent probability lev- 
els. Thus, 90-percent confidence exists that the true fail- 
ure rate lies within these limits. Many forms of 
probability distributions have been employed in modeling 
the reliability of mechanical equipment; in this report, we 
use the normal and lognormal distributions 11 with a 20- 
percent coefficient of variation(CoV), which means that 
the standard deviation is ±20 percent of the mean. 

Probabilistic estimates of Discrete and Inte- 
grated Modular Engine system failure rates were obtained 
by using IRRAS (Integrated Reliability and Risk Analysis 
System, Version 4.0), which was developed for the U.S. 
Nuclear Regulatory Commission to do probabilistic risk 
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assessments. 12 Component failure rate data 7,10 and vari- 
ability information were input separately into the soft- 
ware. For the demand-based data base, the probability of 
failure of a component was input directly. For the time- 
based data base, the time-based failure probability equa- 
tion given previously was used to calculate the probability 
of component failure. Each component failure probability 
was then combined with fault tree failure logic to generate 
minimal cut sets. 

A minimal cut set is the smallest combination of 
component failures (basic events) that must occur to 
cause the top event to occur. 13 Here, the top event is 
defined as failure of the IME or the Discrete system to 
provide the required thrust. This top event is caused by 
the failure of more than one redundant component (such 
as turbopumps) or a single-point failure (such as the loss 
of a manifold). A highly reliable system is one that has a 
minimal number of cut sets, a maximum number of com- 
ponent failures within a cut set, and a minimal failure 
probability of all components. Hence, the number of 
branches that can initiate failure of the top event are mini- 
mized and each branch is unlikely to occur. The probabil- 
ity of overall system failure, or point estimate, is 
subsequently determined from the individual minimal cut 
set failure probabilities on the basis of the mean values of 
the component failure rates, without consideration for 
uncertainty. 12 

The Discrete engine system had 112 components 
and 3388 minimal cut sets. All of the Discrete system cut 
sets were composed of two basic events. The IME system 
consisted of 122 components and 2098 minimal cut sets. 
Six of the IME minimal cut sets were single-point failures 
(manifolds, sensors); that is, only one component failure 
was required for the top event to occur. The remaining 
2092 minimal cut sets were composed of 2 components. 
The difference in the number of cut sets for the two sys- 
tems was the result of differences in system integration. 

Like the component failure probabilities, the top 
event failure probability value has an associated uncer- 
tainty. The magnitude of this uncertainty depends on 
many factors, including the number of components, the 
component failure probability distributions, and the fault 
tree failure logic. Uncertainty analyses were conducted 
with the IRRAS code using a Monte Carlo random sam- 
pling technique. This is a technique in which the system 
fault tree is repeatedly analyzed on the basis of a sam- 
pling from each component failure probability distribu- 
tion. The results were assumed to represent the true 
failure state of the system. The IRRAS code reports the 
first four central moments of system failure probability 
distributions: the mean, the variance (reported as standard 
deviation), the skewness (symmetry, reported as coeffi- 
cient of) and the kurtosis (peakedness, reported as coeffi- 
cient of ). The coefficients of skewness and kurtosis equal 


to 0 and 3, respectively, were representative of a normal 
distribution. 

Each component’s relative contribution to the 
overall probability of system failure was measured with a 
dimensionless importance factor, called the Fussell- 
Vesely (F-V) importance measure 12 within the IRRAS 
software. The F-V importance measure indicates the per- 
centage contributed to the overall probability of system 
failure by the cut sets containing the component. Thus, 
the F-V importance measure can be used to identify criti- 
cal components for reliability enhancement. Obviously, 
low F-V values are desirable. 

Fuzzy Logic Technique 

The key concept in fuzzy logic is that of the 
fuzzy set, developed by Lotfi Zadeh in 1965. 14 Fuzzy set 
theory recognizes that there are certain sets which have 
imprecise boundaries. An example of such a set is the set 
of tall people, where tall is a vague or fuzzy term. The 
imprecision in the boundary is quantified by what is 
known as a membership function. This membership func- 
tion represents numerically the degree to which an ele- 
ment is the member of the set. For instance, someone who 
is 5 ft 6 in tall may be assigned a value of 0.5 for the 
membership function of the set of tall people (this person 
could be described as being somewhat tall), whereas 
someone 7 ft tall would have a value of 1 for the member- 
ship function ( very tall). Thus the person who is 5 ft 6 in 
tall is partially a member of the set of tall people, whereas 
the person who is 7 ft tall is completely a member of this 
set. The fuzzy, or multivalent, set has a gradual transition 
between membership and nonmembership. Contrast this 
with the classical set where a sharp division exists 
between membership and nonmembership. If we use 6 ft 
as the discriminating value, in a classical, or bivalent, set 
everyone whose height is over 6 ft would be tall (mem- 
bership function = 1), while everyone whose height is less 
than 6 ft would not be a member of the set (membership 
function = 0). Figure 4 compares the classical set and the 
fuzzy set of tall people. 

Because the fuzzy set allows for various grades 
of membership, the concept is well-suited for use in reli- 
ability analyses. In many such analyses the system reli- 
ability is difficult to evaluate because the failure 
probabilities of components are not known, the environ- 
ment changes from one system to another, or the only data 
available are either vague or qualitative. To evaluate such 
situations we can use a fuzzy set defined over the failure 
probability space. Often a trapezoid is employed to repre- 
sent the failure probability range of a component, as 
shown in Fig. 5. This figure can be interpreted as showing 
a failure probability is around 0.5, but it could be as low 
as 0.25 or as high as 0.75. Experts may provide such a 
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description when asked to evaluate the reliability of a par- 
ticular component. 

Once the fuzzy sets have been determined for 
each component in the system, a fault tree analysis can be 
performed to obtain the overall system reliability. The 
FUZZYFTA (Fuzzy Logic Fault Tree Analysis) code was 
developed at NASA Lewis Research Center. It uses fuzzy 
logic to obtain the probability of an undesirable event. 

The FUZZYFTA code user provides the fuzzy sets that 
describe the component failure probabilities (basic 
events). These component fuzzy sets are derived from 
expert opinion or reliability data bases available to the 
user. In addition, the user supplies the logical relation- 
ships (AND, OR gates) between the top event and the 
basic events. The output from the code is a fuzzy set for 
the probability range of the top event and a point estimate 
of the failure probability. In addition, the code supplies 
importance factors similar to those obtained by using the 
Fussell-Vesely technique for probabilistic analyses. These 
importance factors indicate which components are the 
major contributors to the probability of system failure; 
they are calculated by setting each component’s failure 
probability equal to zero and then calculating the differ- 
ence between the new system failure probability range 
and the baseline failure probability range. 

The FUZZYFTA model uses the extension prin- 
ciple to compute the probability of failure for the top 
event (system) on the basis of the component failure 
fuzzy sets. The extension principle is a general methodol- 
ogy for extending operations in classical mathematics to 
their equivalents by using fuzzy sets, as described in ref- 
erences 15 and 16. The mathematical relations used in 
FUZZYFTA are summarized in Table 1. The relations for 
AND and OR gates were obtained from reference 16. And 
as part of this study, we derived the fuzzy logic relation 
for the N/M gate (N events out of a total of M inputs must 
occur for the gate event to occur) from approximations in 
the literature. ,16 Unlike the probabilistic analysis, the 
FUZZYFTA code does not use Monte Carlo sampling to 
obtain the fuzzy set for the top event. Rather, the code 
obtains the range of possible failure rates for the top event 
by using the relations in Table 1 to directly manipulate the 
four corner points of the trapezoidal fuzzy sets. 

For the demand-based fuzzy fault tree analyses 
in this study, the fuzzy sets representing the component 
failure probabilities were obtained by assuming that the 
extreme values of the trapezoidal fuzzy set were ± 20 per- 
cent of the mean values used in the probabilistic analysis 
previously described. The interior values of the fuzzy set 
were assumed to be halfway between the mean and the 
extreme values. For example, if the mean value of a valve 
failure probability was 0.0002, then the fuzzy set for a 
range of ± 20 percent could be described by a trapezoid 
over the probability range (q* =0.00016, p| =0.00018, 


p, =0.00022, and % =0.00024) with corresponding mem- 
bership function values of (0,1,1, and 0). For this case, 
then, the probability of failure for the valve is most likely 
between 0.00018 and 0.00022, but could be as high as 
0.00024 or as low as 0.00016. 

Results 

We used both probabilistic and fuzzy logic tech- 
niques to analyze the IME and Discrete engine systems. 
Uncertainty analyses are stressed in this report because 
we recognize that the component failure probabilities 
used are uncertain and vague. The results of the demand- 
based failure and the time-based failure data base are pre- 
sented in the following sections. All other demand-based 
and time-based failure data were obtained from references 
7 and 10, except the data for the controllers, the injector 
housing, and the actuator source (which were assumed to 
be 100-percent reliable) and for the sensors (which were 
assigned a failure probability of l.OxlO" 6 ). Neither the 
flow lines, with the exception of manifolds, nor the IME 
turbine bypass valves discussed in reference 7 are consid- 
ered in this report. All component failures in both the 
demand-based and time-based analyses were treated as 
uncorrelated events; that is, each component failed inde- 
pendent of all other components and their operational 
condition. 

Demand-Based Failur e Data Base 

The results from the Monte Carlo sampling tech- 
nique used in the demand-based probabilistic analyses of 
the Discrete and IME systems are summarized in Table 2. 
Two values for the manifold failure probability, lxlO" 5 
and lxlO' 6 , were used to investigate the effects of mani- 
fold failure probability on system reliability. 

From the table we can see that there were only 
small differences (less than 1 percent) between the mini- 
mal cut set (the point estimates based on the mean failure 
rate of each component) and the mean value from the 
Monte Carlo simulations. In addition, the selection of the 
component distribution (normal or lognormal) did not 
appear to affect the mean values. Also, system coeffi- 
cients of variation were less than 5 percent of the mean, 
compared to 20 percent of the mean for the component 
CoV’s. Finally, for most cases the coefficient of skewness 
is approximately 0 and the kurtosis is approximately 3. 
These values indicate that the system failure rate distribu- 
tion is nearly a normal distribution. 

For reliability analyses of systems with high 
degrees of uncertainty, it is important to stress relative 
comparisons between systems rather than the absolute 
values of the reliability estimates. Such comparisons for 
the Discrete and IME systems are made in Fig. 6, which 
shows the results of using IME manifold failure probabil- 
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ities (P» man) of l.OxlO" 5 and l.OxlO' 6 , with a 20-percent 
component CoV. From this figure it is clear that the Dis- 
crete system is more reliable than the IME if we assume a 
manifold failure probability of 1.0x10^. From a calcula- 
tion using the mean and standard deviation of the two dis- 
tributions, 16 the IME had only a 0.0003 probability of 
being more reliable than the Discrete engine system. 
Although the IME has fewer components (and fewer min- 
imal cut sets) than the Discrete system, the reliance on 
those few components is high. This is especially true of 
the manifolds which represent single point failures. The 
F-V importance factors provided by the IRRAS code also 
indicated that for these failure probabilities the manifolds 
were the most significant contributors to failure in the 
IME, followed by the valves. 

When a lower value is chosen for the manifold 
failure rate (1.0xl0‘ 6 ), as shown in Fig. 6, the IME 
becomes more reliable than the Discrete system. The data 
in Table 2 indicate that the IME had a 0.998 probability of 
being more reliable than the Discrete engine system with 
a reduced manifold failure probability. Under these condi- 
tions the manifolds were no longer the most significant 
contributor to failure. The F-V importance factors showed 
that the valves were the most likely cause of IME system 
failure. These results confirm those obtained in reference 
7, which state that the IME can be made to be more reli- 
able than the Discrete system if the manifold reliability is 
high. In addition, the results indicate that although much 
effort should be spent on making the manifolds more reli- 
able in the IME, significant consideration should be 
placed on improving valve reliability as well. 

The results for the demand-based fuzzy logic 
fault tree analysis using FUZZYFTA are shown in Fig. 7. 
For the case where the EME manifold failure probability 
was l.OxlCT 5 , the IME clearly had a higher failure proba- 
bility than the Discrete system. However, in contrast to 
the probabilistic results shown in Fig. 6, there was signifi- 
cant overlap in the fuzzy sets. Because of the overlap of 
the fuzzy sets, a calculation based on correlations in refer- 
ence 17 was performed to determine the probability that 
the IME was more reliable than the Discrete engine. The 
probability was determined by dividing the overlap area 
by the total area of the two fuzzy sets. The calculation 
showed that the IME had a 0.139 probability of being 
more reliable than the Discrete engine. This value is con- 
siderably higher than the value obtained by using the 
probabilistic analysis, thereby reflecting the overlap of 
the fuzzy sets. Figure 7 also shows similar results for the 
case in which the IME manifold reliability was assumed 
to be lxlO' 6 . As in the probabilistic analyses, the IME 
was more reliable than the Discrete system when the 
lower manifold failure probability was used; it had a 
0.676 probability of being more reliable than the Discrete 
engine system for this manifold failure probability. The 
fuzzy sets again showed significant overlap, however. The 


importance factors calculated by FUZZYFTA were also 
similar to those calculated by IRRAS, with the valves 
being the most significant contributor to the system risk in 
the IME when the manifold failure probability was 
reduced. 

Time-Based Failure Data Base 

The time-based analyses of the Discrete and 
IME systems were conducted with a baseline system 
operation time of 400 s. This operation time was selected 
as typical of a single engine firing, which agrees with the 
manner in which the failure rate values were established 
in reference 10. Although a single mission time was 
selected, previous Markov analyses have demonstrated 
that the probability of system failure nonlinearly increases 
with increasing duration of system operation. 7 This obser- 
vation has been confirmed with the present fault tree anal- 
yses. 

The results of the time-based probabilistic sys- 
tem analyses are shown in Table 3. Some general conclu- 
sions can be drawn from an overview of the first four 
system failure probability distribution moments generated 
from the Monte Carlo simulations. The means and medi- 
ans were approximately equal to the calculated point esti- 
mates (min. cut upper bound); the greatest difference was 
1.55 percent. System CoV’s were much smaller than the 
assumed component CoV’s. The component distribution 
type (normal or lognormal) had little effect on the system 
CoV’s, but clearly played a role in skewness. The system 
distributions exhibited normal distribution characteristics: 
coefficients of skewness near 0 and coefficients of kurto- 
sis approximately 3. Prior to the analyses we did not know 
that the system distributions would be nearly normal. This 
result could, however, be affected by differences in sys- 
tem configuration in future designs. 

The Discrete system exhibited a point estimate 
failure probability of 0.2126, and the IME system demon- 
strated a 0.2584 point estimate failure probability based 
on reference 7 manifold failure rates, which are the base- 
line values shown in Table 3. Figure 8 graphically com- 
pares the uncertainty results of these two rocket engine 
systems with different manifold reliabilities. With 20-per- 
cent component CoV, the IME system has a 0.007 proba- 
bility of being more reliable than the Discrete system. The 
conclusion that the IME system is, in general, less reliable 
than the Discrete system becomes clearer when the mini- 
mal cut sets from the IME fault tree are studied. Although 
the IME system has 1290 fewer cut sets than the Discrete 
system, the IME system is vulnerable to those cut sets 
composed of 1 basic event (single point failures), particu- 
larly the manifolds. This conclusion was further sup- 
ported by the F-V importance measure, which was largest 
for these manifolds. 
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By reducing the failure probability of all IME 
system manifolds to 0.0001, the findings detailed in the 
previous paragraph were reversed. Figure 8 compares the 
two rocket engine systems under the revised manifold 
failure rate condition of IxlO -4 . Now, with a 20-percent 
component CoV, the IME system has a 0.995 probability 
of being more reliable than the Discrete system. With the 
reduced rate for manifold failure, the thrust chambers 
become the most critical components contributing to the 
unreliability of both the Discrete and IME systems, as 
indicated by the F-V importance measure. This happens 
because the combustion chambers have the highest com- 
ponent failure rate, and the relative importance of the sin- 
gle point manifold failures has diminished. These results 
differ significantly from those obtained with the demand- 
based failure data base, which showed that the valves 
were the biggest contributor to failure with a reduced 
manifold failure probability. 

The results from the time-based fuzzy logic sys- 
tem analysis with the FUZZY M A code are graphically 
presented in Fig. 9. The results of the time-based analysis 
showed that the IME had a 0.251 probability of being 
more reliable than the Discrete system. By reducing all 
manifold failure rates to 0.0001, the IME system fuzzy 
failure probability was reduced, thus making the IME sys- 
tem more reliable than the Discrete system. On the basis 
of the lower manifold failure probability the IME had a 
0.715 probability of being more reliable than the Discrete 
system. These results are similar to the probabilistic anal- 
yses conducted with the IRRAS code. It is interesting to 
note, however, that the importance factors 15 calculated for 
all fuzzy fault tree analyses ranked the combustion cham- 
bers as the most critical component in improving system 
reliability even when high manifold failure rates were 
used. This is in contrast to the F-V importance measure in 
the probabilistic analysis which ranked the manifolds as 
the major contributors to the minimal cut upper bound for 
the IME high manifold failure rate case. These results 
seem to indicate that refinements must be made in the 
importance calculations for fuzzy fault tree analyses. 

Examination of the demand-based and time- 
based data showed that system uncertainty was actually 
larger than component uncertainty in the fuzzy fault tree 
approach. For instance, when the most likely probability 
of component failure was ±10 percent, in the Discrete 
system the most likely probability of system failure was 
approximately ±20 percent of the point estimate. In con- 
trast, when a component standard deviation of 20 percent 
was used for the probabilistic analysis, the Discrete sys- 
tem failure probability had a standard deviation of 
approximately 5 percent. Therefore, system uncertainty 
was less than component uncertainty in the probabilistic 
approach. In addition, the fuzzy logic fault tree results 
have demonstrated extreme values which were larger than 
the minimum/maximum values calculated in the probabi- 


listic analyses. On the basis of these results, the fuzzy 
logic technique is apparently more conservative than the 
probabilistic approach. 

When we examine both the demand-based and 
time-based results, it is important to note the differences 
between the probabilistic distributions and fuzzy sets. In 
the probabilistic distribution, only 68 percent of the nor- 
mal distribution is bounded by ±1 standard deviation, 
whereas in the fuzzy logic example the entire possibility 
of failure is bounded within the description of the fuzzy 
set. In addition, as noted in reference 16, the fuzzy logic 
approximations used to calculate the failure probability 
will provide a conservative result. Because of these fac- 
tors, the fuzzy sets show significant overlap in contrast to 
the probabilistic comparison. 

The time-based probabilistic system analysis 
results shown in Table 3 are four to five orders of magni- 
tude larger than the demand-based analysis results 
reported in Table 2, This was also true for the fuzzy logic 
results in Figs. 7 and 9. This difference is a direct result of 
using different failure rates and different calculation pro- 
cedures. However, the importance of the analysis lies in 
the relative comparison of the systems, rather than the 
absolute magnitude of the failure probabilities. General 
trends that are observed in one analysis approach, whether 
it be based on demand or time, can be compared to the 
trends observed in another analysis approach if relative 
differences are considered. 

Fuzzy Logic and Probability. 

In the analyses described in this report, probabi- 
listic and fuzzy logic techniques were used. These are 
techniques that are used to try to estimate uncertainty in a 
system. But all uncertainty is not the same. Random 
uncertainty describes the chances that a single value 
might be achieved, whereas vagueness describes a range 
of possible values. Probabilistic analyses describe random 
uncertainty whereas fuzzy logic analyses deal with vague- 
ness in the system. To fully understand a system, it is nec- 
essary to acknowledge and determine both types of 
uncertainty. This is especially true for descriptions of 
hardware failures. Some components fail completely, 
whereas others fail partially. Or the component has more 
than one failure rate because the system is not operated 
the same way each time it is turned on. In addition, human 
interactions with hardware consist of both random and 
vague actions, which also affect the failure rates of sys- 
tems. 

With probabilistic approaches to fault tree analy- 
ses, we can determine the system failure probability and 
uncertainty on the basis of defined fault tree logic and 
component failure probability distributions. Uncertainty 
in the failure rate is quantified through the distribution 
type and the distribution moments (mean, variance, etc.). 
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With the fuzzy logic fault tree approach, we can deter- 
mine system failure probability on the basis of defined 
fault tree logic and vagueness in component failure rates. 
Fuzzy sets are used instead of distributions to describe 
component failure rate uncertainty, and those fuzzy sets 
are manipulated on the basis of fault tree logic to obtain 
an estimate of the system failure probability and uncer- 
tainty. The analyses here showed that the system uncer- 
tainty calculated by using the probabilistic approach was 
less than the assumed component uncertainty. In contrast, 
the fuzzy logic approach calculated system vagueness, 
which was larger than the assumed component vagueness. 
In addition, the most likely system failure probability 
regions calculated from the fuzzy fault tree analyses are 
broader than the 90-percent confidence intervals deter- 
mined from the probabilistic fault tree analyses. This 
result reinforces the belief that the probabilistic approach 
is merely a subset of the fuzzy logic technique. 

Currently, fuzzy logic techniques are not as 
sophisticated as probabilistic techniques in analyzing sys- 
tem reliability. For instance, it is clear from this analysis 
that the importance factors in the fuzzy fault tree 
approach need to be refined. Fuzzy logic techniques hold 
promise, however, in treating vagueness in system reli- 
ability analyses. As shown here, the technique is intuitive 
to an engineer’s understanding of uncertainty and repre- 
sents a valid approach for treating situations lacking in 
comprehensive data. Further development of fuzzy logic 
techniques could add another tool for analyzing the 
uncertainty of engineering systems. 

Concluding Remarks 

Probabilistic and fuzzy logic techniques were 
used in a study to evaluate the reliability of rocket engine 
systems. Fault trees were developed for the Integrated 
Modular Engine (IME) and the Discrete engine systems. 
These fault trees were quantified probabilistically by 
using the IRRAS computer code, developed for the U.S. 
Nuclear Regulatory Commission. Fuzzy logic analyses 
were performed using FUZZYFTA, a model developed at 
NASA Lewis Research Center for the quantification of 
fuzzy fault trees. 

On the basis of assumptions used in this study, 
the Discrete system was found to be more reliable than 
the IME for the baseline cases studied. The IME was 
found to be more reliable than the Discrete engine only 
under conditions of significantly improved manifold reli- 
ability. These results were the same for both the probabi- 
listic and the fuzzy logic approaches. However, the fuzzy 
logic technique showed a larger range of uncertainty in 
the results than did the probabilistic technique. Also, the 
results of the analyses indicated that in addition to mani- 
folds, valves and combustion chambers were key reliabil- 
ity drivers. 


For many systems, component reliability data 
are uncertain, which increases the difficulty in determin- 
ing system risk. Therefore, analyses are required to ensure 
that uncertainty is neither misunderstood nor ignored. 
This becomes especially important during the initial 
design phase of a project, when modifications can be 
made prior to hardware construction. Because uncertainty 
includes both random and vague components, multiple 
techniques are necessary for determining system reliabil- 
ity. The analyses presented here show that both probabi- 
listic and fuzzy logic techniques are extremely useful 
tools in determining and managing uncertainty in rocket 
engine systems. 
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TABLE 1. - MATHEMATICAL RELATIONS FOR PROBABILISTIC AND FUZZY FAULT TREE ANALYSES 

(From references 12 and 16) 


Gate type 

Probabilistic relation 

Fuzzy logic relation 

AND 
(2 inputs) 

p=pip 2 

p = Pj 0 p 2 

P = (qi.iqa. Pl,lPl,2> Pr, lPr,2> qr,iqr,2) 

OR 

(2 inputs) 

p=i-(i-p,)(i-p 2 ) 

Pu = 1 - p i 

Pt,l = d-qr. 1 . 1_ Pr,l» l*Pl,l» Hi) 
Pt.2=l-P2 

Pt,2 = (1^,2- ^ ~Pr,2> 1"P|,2> l'Ql.2) 

P=l-P a O Pt,2 

N/M 

Pj =p 2 =p 3 =... 

C = M!/(N!(M-N)!) 
P = 1 -(1-Pi 2 ) c 

P,=P 2 = P 3 =... 

C =M!/(N!(M-N)!) 

Pi 2 =(qu 2 . Pi,i 2 .Pr,i 2 .qr,i 2 ) 

1 -P 1 2 =(l-q r>1 2 , l-p r ,i 2 , 1-Pu 2 , l-q u 2 ) 
P = 1 - (l-Pi 2 ) C 


Where 


P 

Pt.P2.P3 

qi 

pi 

Pr 

Or 

N 

M 


Gate probability; 

Bottom event (input) probability; 

Left extreme value of trapezoidal fuzzy set; 

Left interior value of trapezoidal fuzzy set; 

Right interior value of trapezoidal fuzzy set; 

Right extreme value of trapezoidal fuzzy set; 

Number of input events (out of M) which must 
occur for the N/M gate failure to occur; 

Total number of input events in an N/M gate; 
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TABLE 2. - DEMAND-BASED PROBABILISTIC SYSTEM ANALYSES (IRRAS), 
MONTE CARLO SAMPLING, 2000 SAMPLES 

a) Discrete Engine System (point estimate = 7. 01 8x1 O' 5 ) 


Component Distribution 

Normal 

Lognormal 

Component CoV 

20% 

20% 


7.004 

7.025 

Median (xlO -5 ) 

6.998 

7.019 

5th Percentile (xlO* 5 ) 

6.455 

6.477 

95th Percentile (xlO -5 ) 

7.568 

7.596 

Minimum (xlO* 5 ) 

5.847 

5.828 

Maximum (xlO* *) 

8.098 

8.490 

Standard Deviation (xlO^ 5 ) 

3.396 

3.439 

Coefficient of Variation 

4.8% 

4.9% 

Coefficient of Skewness 

.0143 

.1383 

Coefficient of Kurtosis 

3.083 

3.111 


b) Integrated Modular Engine system (point estimate = 1. 027x1c 4 ), manifold failure probability = l.OxlO' 5 


Component Distribution 

Normal 

Lognormal 

Component CoV 

20% 

20% 

Mean (xlO -4 ) 

1.027 

1.027 

Median (xlO"*) 

1.026 

1.025 

5th Percentile (xlO 4 ) 

0.946 

0.947 

95th Percentile (xlO* 4 ) 

1.109 

1.118 

Minimum (xlO -4 ) 

0.853 

0.875 

Maximum (xlO -4 ) 

1.172 

1.238 

Standard Deviation (xlO* 6 ) 

4.945 

5.173 

Coefficient of Variation 

4.8% 

5.0% 

Coefficient of Skewness 

-.0025 

.2756 

Coefficient of Kurtosis 

2.967 

3.100 


c) Integrated Modular Engine system (point estimate = 5.778X10' 5 ), manifold failure probability — 1.0x10 6 





































TABLE 3. - TIME-BASED PROBABILISTIC SYSTEM ANALYSES (IRRAS), 
MONTE CARLO SAMPLING, 2000 SAMPLES 

a) Discrete Engine System (point estimate = 0.2126) 


Component Distribution 

Norma] 

Lognormal 

Component CoV 

20% 

20% 

Mean (xlCr 1 ) 

2.123 

2.125 

Median (xlO 1 ) 

2.123 

2.121 

5th Percentile (xlO* 1 ) 

1.910 

1.915 

95th Percentile (xlO 1 ) 

2.350 

2.360 

Minimum (xlO' 1 ) 

1.664 

1.737 

Maximum (xlO* 1 ) 

2.632 

2.702 

Standard Deviation (xlO 2 ) 

1.318 

1.341 

Coefficient of Variation 

6.2% 

6.3% 

Coefficient of Skewness 

.06747 

.2313 

Coefficient of Kurt os is 

3.085 

3.145 


b) Integrated Modular Engine system (point estimate = 0.2584), manifold #1 failure rate = 0.0264/1000 s 
(failure probability =.0105), manifolds #2-5 failure rate = 0.066/1000 s (failure probability =.0261) 
(baseline) 


Component Distribution 

Normal 

Lognormal 

Component CoV 

20% 

20% 

Mean (xlO' 1 ) 

2.581 

2.585 

Median (xlO 1 ) 

2.580 

Z578 

5th Percentile (xlO* 1 ) 

2.369 

Z371 

95th Percentile (xlCT 1 ) 

2.803 

2.817 

Minimum (xlO 1 ) 

2.155 

Z195 

Maximum (xlO' 1 ) 

3.050 

3.091 

Standard Deviation (xlO* 2 ) 

1.310 

1.342 

Coefficient of Variation 

5.1% 

52 % 

Coefficient of Skewness 

.08594 

.1302 

Coefficient of Kurtosis 

3.131 

Z829 


c) Integrated Modular Engine system (point estimate = 0.1675), manifold failure rate =.00025/1000 s 
(manifold failure probability = 0.0001) 


Component Distribution 

Normal 

Lognormal 

Component CoV 

20% 

20% 

Mean (xKT 1 ) 

1.676 

1.672 

Median (xlO' 1 ) 

1.676 

1.668 

5th Percentile (xl 0* 1 ) 

1.491 

1.488 

95th Percentile (xlO' 1 ) 

1.869 

1.875 

Minimum (xlO -1 ) 

1.330 

1.314 

Maximum (xlO' 1 ) 

Z071 

Z181 

Standard Deviation (xlO* 2 ) 

1.151 

1.178 

Coefficient of Variation 

6.9% 

7.0% 

Coefficient of Skewness 

.1167 

.3271 

Coefficient of Kurtosis 

2.907 

3.322 
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Figure L- Discrete engine diagram, expander cycle configuration. 
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Figure 2.- Integrated Modular Engine diagram, expander cycle configuration. 
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Figure 3.- Normal failure rate probability distribution. 
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Figure 4.- Comparison of classical and fuzzy sets. 
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Figure 6.- Comparison of demand-based IME and Discrete engine system 
failure probability distributions. 
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Figure 8.- Comparison of time-based IME and Discrete engine system 
failure probability distributions. 
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Figure 9.- Comparison of time-based IME and Discrete engine system 
failure probability fuzzy sets. 
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